[jira] [Commented] (MGPG-92) `--pinentry-mode error` cannot be used with gpg-agent "extra" socket
[
https://issues.apache.org/jira/browse/MGPG-92?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17847418#comment-17847418
]
Tamas Cservenak commented on MGPG-92:
-
True, in case of HW device BouncyCastle signer will not help.
Am not quite educated with HW keys, could you maybe provide a PR or at least a
"hint" what should be modified to make it work for you?
> `--pinentry-mode error` cannot be used with gpg-agent "extra" socket
>
>
> Key: MGPG-92
> URL: https://issues.apache.org/jira/browse/MGPG-92
> Project: Maven GPG Plugin
> Issue Type: Bug
>Reporter: Nick Dimiduk
>Priority: Major
>
> Over on HBASE-27312, we found an issue in our release automation, which
> relies on using this plugin and a GnuPG agent for performing builds inside of
> an isolated environment. With GPG version >= 2.1, the plugin will make use of
> {{--pinentry-mode error}}. This feature appears to not be available using the
> "extra" gpg-agent socket. We had to "upgrade" to using the "standard" socket,
> which probably exposes more gpg features to the isolated environment than we
> would like.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (MGPG-92) `--pinentry-mode error` cannot be used with gpg-agent "extra" socket
[
https://issues.apache.org/jira/browse/MGPG-92?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17847338#comment-17847338
]
Nick Dimiduk commented on MGPG-92:
--
I may be mistaken, but I think this is not possible when the signing material
is stored on a hardware device. In this case, there is no password that can be
provided, and the only option is forwarding the agent. Anyway, this use-case
where this came up is not an "isolated" environment, though it is jumping
through several hoops in order to sign in a container process running in a VM
on the localhost (i.e., Docker Desktop + MacOS).
> `--pinentry-mode error` cannot be used with gpg-agent "extra" socket
>
>
> Key: MGPG-92
> URL: https://issues.apache.org/jira/browse/MGPG-92
> Project: Maven GPG Plugin
> Issue Type: Bug
>Reporter: Nick Dimiduk
>Priority: Major
>
> Over on HBASE-27312, we found an issue in our release automation, which
> relies on using this plugin and a GnuPG agent for performing builds inside of
> an isolated environment. With GPG version >= 2.1, the plugin will make use of
> {{--pinentry-mode error}}. This feature appears to not be available using the
> "extra" gpg-agent socket. We had to "upgrade" to using the "standard" socket,
> which probably exposes more gpg features to the isolated environment than we
> would like.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (MGPG-92) `--pinentry-mode error` cannot be used with gpg-agent "extra" socket
[
https://issues.apache.org/jira/browse/MGPG-92?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17823306#comment-17823306
]
Tamas Cservenak commented on MGPG-92:
-
In isolated environment the "bc" signer is recommended, without hoops and loops
(and provide key and passphrase as env values).
> `--pinentry-mode error` cannot be used with gpg-agent "extra" socket
>
>
> Key: MGPG-92
> URL: https://issues.apache.org/jira/browse/MGPG-92
> Project: Maven GPG Plugin
> Issue Type: Bug
>Reporter: Nick Dimiduk
>Priority: Major
>
> Over on HBASE-27312, we found an issue in our release automation, which
> relies on using this plugin and a GnuPG agent for performing builds inside of
> an isolated environment. With GPG version >= 2.1, the plugin will make use of
> {{--pinentry-mode error}}. This feature appears to not be available using the
> "extra" gpg-agent socket. We had to "upgrade" to using the "standard" socket,
> which probably exposes more gpg features to the isolated environment than we
> would like.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
